Attorney Docket No. NETSOO 



CLAIMS 



1. A process for a simplified access control language that controls access to directory
in a computer environment, comprising the steps of:

providing a user defined read list containing user identifications that are allowed to
read a specified set of attributes;

providing a system administrator defined read access control command;

said read access control command listing the user attributes that said administrator
has selected for user defined read access; and

said read access control command referring to said user defined read list thereby
allowing said read user identifications read access to said user attributes.

2. The process of Claim 1, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed
and refers to the read list of the owner of the attribute being accessed to determine if said
client has permission to execute said read access.
3. The process of Claim 1, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to
write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator
has selected for user defined write access; and

said write access control command referring to said user defined write list thereby
allowing said write user identifications write access to said user attributes.

4. The process of Claim 3, wherein upon a client write access, the directory server
selects a specific write access control command according to the attribute being accessed
and refers to the write list of the owner of the attribute being accessed to determine if said
client has permission to execute said write access.
5. A process for a simplified access control language that controls access to directory
in a computer environment, comprising the steps of:

providing a system administrator defined read access control command that lists the
user attributes that said administrator has selected for user defined read access;

providing a system administrator defined write access control command that lists the
user attributes that said administrator has selected for user defined write access;

providing a plurality of user defined read lists containing user identifications that are
allowed to read said user attributes that said administrator has selected for user defined read
access; and

providing a plurality of user defined write lists containing user identifications that are
allowed to write said user attributes that said administrator has selected for user defined
write access;

wherein when a client read access to one of the user attributes that said administrator
has selected for user defined read access occurs, said read access control command and
the read list of the owner of the attribute being accessed are used to determine if said client
has permission to execute said read access; and

wherein when a client write access to one of the user attributes that said administrator
has selected for user defined write access occurs, said write access control command and
the write list of the owner of the attribute being accessed are used to determine if said client
has permission to execute said write access.
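The two-level decision that Claims 1 through 5 describe (an administrator-defined access control command that names the attributes opened to user-defined access, and a per-owner read or write list of user identifications that the directory server consults for the attribute being accessed) can be modelled directly. The following Python is an added illustration, not code from the patent or from any product; the distinguished names, attribute values and user identifications are constructed, and two behaviours are assumptions not stated in the claims: an attribute outside the administrator's command is denied to everyone (default deny), and the owner of an entry gets no implicit access beyond what the lists grant.

```python
"""Toy evaluator for the two-level directory access control the claims describe.

Added example (not from the patent). Every identifier below is constructed.
Assumptions beyond the claims: default deny for attributes that no
administrator command covers, and no implicit access for the entry owner.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessControlCommand:
    """System administrator defined command: the attributes the administrator
    has selected for user defined access for one operation ("read"/"write")."""
    operation: str
    attributes: frozenset[str]


@dataclass
class DirectoryEntry:
    """One directory entry plus the owner's user defined read and write lists."""
    dn: str
    owner: str
    attributes: dict[str, str]
    read_list: set[str] = field(default_factory=set)   # user identifications
    write_list: set[str] = field(default_factory=set)  # user identifications


class DirectoryServer:
    def __init__(self, commands: list[AccessControlCommand]) -> None:
        self._commands = {c.operation: c for c in commands}
        self._entries: dict[str, DirectoryEntry] = {}

    def add_entry(self, entry: DirectoryEntry) -> None:
        self._entries[entry.dn] = entry

    def _select_command(self, operation: str, attribute: str):
        """Step 1: select the administrator's command for this attribute.
        Returns None when the administrator has not opened the attribute."""
        command = self._commands.get(operation)
        if command is None or attribute not in command.attributes:
            return None
        return command

    def is_permitted(self, client: str, operation: str, dn: str, attribute: str) -> bool:
        """Step 2: refer to the owner's user defined list for that operation.
        Unknown entries and attributes outside the command are denied (assumption)."""
        entry = self._entries.get(dn)
        if entry is None:
            return False
        if self._select_command(operation, attribute) is None:
            return False
        user_list = entry.read_list if operation == "read" else entry.write_list
        return client in user_list

    def read(self, client: str, dn: str, attribute: str) -> str:
        if not self.is_permitted(client, "read", dn, attribute):
            raise PermissionError(f"{client} may not read {attribute} of {dn}")
        return self._entries[dn].attributes[attribute]

    def write(self, client: str, dn: str, attribute: str, value: str) -> None:
        if not self.is_permitted(client, "write", dn, attribute):
            raise PermissionError(f"{client} may not write {attribute} of {dn}")
        self._entries[dn].attributes[attribute] = value


# Constructed sample data: one owner (alice) who has opened her entry to bob
# for reading and to carol for writing, within the administrator's limits.
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"


def build_demo_server() -> DirectoryServer:
    server = DirectoryServer([
        AccessControlCommand("read", frozenset({"mail", "telephoneNumber", "description"})),
        AccessControlCommand("write", frozenset({"telephoneNumber", "description"})),
    ])
    server.add_entry(DirectoryEntry(
        dn=ALICE_DN,
        owner="alice",
        attributes={
            "mail": "alice@example.com",
            "telephoneNumber": "+1-555-0100",
            "userPassword": "{SSHA}constructed-hash",  # never in a command
        },
        read_list={"bob"},
        write_list={"carol"},
    ))
    return server


def demo() -> dict[str, bool]:
    """Decisions a practitioner would check first when reviewing such a policy."""
    server = build_demo_server()
    return {
        "bob reads mail": server.is_permitted("bob", "read", ALICE_DN, "mail"),
        "bob reads userPassword": server.is_permitted("bob", "read", ALICE_DN, "userPassword"),
        "bob writes telephoneNumber": server.is_permitted("bob", "write", ALICE_DN, "telephoneNumber"),
        "carol writes telephoneNumber": server.is_permitted("carol", "write", ALICE_DN, "telephoneNumber"),
        "carol writes mail": server.is_permitted("carol", "write", ALICE_DN, "mail"),
        "dave reads mail": server.is_permitted("dave", "read", ALICE_DN, "mail"),
    }


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision}: {'allow' if allowed else 'deny'}")
```

The point worth noticing is that the owner's list can only widen access within what the administrator's command permits: bob is on alice's read list, yet `userPassword` stays unreadable because no read command names it, and carol, who may write `telephoneNumber`, cannot touch `mail` because the write command does not list it.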

6. A process for a simplified access control language that controls access to directory
entries in a computer environment, comprising the steps of:

providing a user defined write list containing user identifications that are allowed to
write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator
has selected for user defined write access; and

said write access control command referring to said user defined write list thereby
allowing said write user identifications write access to said user attributes.

7. The process of Claim 6, wherein upon a client write access, the directory server 
selects a specific write access control command according to the attribute being accessed 
and refers to the write list of the owner of the attribute being accessed to determine if said 
client has permission to execute said write access. 

8. The process of Claim 6, further comprising the steps of:

providing a user defined read list containing user identifications that are allowed to
read a specified set of attributes; and

providing a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list thereby
allowing said read user identifications read access to said user attributes.

9. The process of Claim 8, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed
and refers to the read list of the owner of the attribute being accessed to determine if said
client has permission to execute said read access.

10. An apparatus for a simplified access control language that controls access to directory
entries in a computer environment, comprising:

a user defined read list containing user identifications that are allowed to read a
specified set of attributes; and

a system administrator defined read access control command;

wherein said read access control command lists the user attributes that said
administrator has selected for user defined read access; and

wherein said read access control command refers to said user defined read list
thereby allowing said read user identifications read access to said user attributes.



11. The apparatus of Claim 10, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed 
and refers to the read list of the owner of the attribute being accessed to determine if said 
client has permission to execute said read access. 

12. The apparatus of Claim 10, further comprising:

a user defined write list containing user identifications that are allowed to write a 
specified set of attributes; and 

a system administrator defined write access control command; 

wherein said write access control command lists the user attributes that said 
administrator has selected for user defined write access; and 
wherein said write access control command refers to said user defined write list
thereby allowing said write user identifications write access to said user attributes.

13. The apparatus of Claim 12, wherein upon a client write access, the directory server
selects a specific write access control command according to the attribute being accessed
and refers to the write list of the owner of the attribute being accessed to determine if said
client has permission to execute said write access.

14. An apparatus for a simplified access control language that controls access to directory
entries in a computer environment, comprising:

a system administrator defined read access control command that lists the user
attributes that said administrator has selected for user defined read access;

a system administrator defined write access control command that lists the user
attributes that said administrator has selected for user defined write access;

a plurality of user defined read lists containing user identifications that are allowed to
read said user attributes that said administrator has selected for user defined read access;
and

a plurality of user defined write lists containing user identifications that are allowed to
write said user attributes that said administrator has selected for user defined write access;

wherein when a client read access to one of the user attributes that said administrator
has selected for user defined read access occurs, said read access control command and
the read list of the owner of the attribute being accessed are used to determine if said client
has permission to execute said read access; and

wherein when a client write access to one of the user attributes that said administrator
has selected for user defined write access occurs, said write access control command and
the write list of the owner of the attribute being accessed are used to determine if said client
has permission to execute said write access.



15. An apparatus for a simplified access control language that controls access to directory
entries in a computer environment, comprising:

a user defined write list containing user identifications that are allowed to write a
specified set of attributes; and

a system administrator defined write access control command;

wherein said write access control command lists the user attributes that said
administrator has selected for user defined write access; and

wherein said write access control command refers to said user defined write list
thereby allowing said write user identifications write access to said user attributes.

16. The apparatus of Claim 15, wherein upon a client write access, the directory server 
selects a specific write access control command according to the attribute being accessed 
and refers to the write list of the owner of the attribute being accessed to determine if said 
client has permission to execute said write access. 

17. The apparatus of Claim 15, further comprising:

a user defined read list containing user identifications that are allowed to read a 
specified set of attributes; 

a system administrator defined read access control command; 

wherein said read access control command lists the user attributes that said 
administrator has selected for user defined read access; and 

wherein said read access control command refers to said user defined read list thereby 
allowing said read user identifications read access to said user attributes. 

18. The apparatus of Claim 17, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed 
and refers to the read list of the owner of the attribute being accessed to determine if said 
client has permission to execute said read access. 

19. A program storage medium readable by a computer, tangibly embodying a
program of instructions executable by the computer to perform method steps for a
simplified access control language that controls access to directory entries in a computer
environment, comprising the steps of:

providing a user defined read list containing user identifications that are allowed to
read a specified set of attributes;

providing a system administrator defined read access control command;

said read access control command listing the user attributes that said administrator
has selected for user defined read access; and

said read access control command referring to said user defined read list thereby
allowing said read user identifications read access to said user attributes.




20. The method of Claim 19, wherein upon a client read access, the directory server
selects a specific read access control command according to the attribute being accessed
and refers to the read list of the owner of the attribute being accessed to determine if said
client has permission to execute said read access.






21. The method of Claim 19, further comprising the steps of:

providing a user defined write list containing user identifications that are allowed to 
write a specified set of attributes; 

providing a system administrator defined write access control command; 

said write access control command listing the user attributes that said administrator 
has selected for user defined write access; and 

said write access control command referring to said user defined write list thereby 
allowing said write user identifications write access to said user attributes. 



22. The method of Claim 21, wherein upon a client write access, the directory server
selects a specific write access control command according to the attribute being accessed
and refers to the write list of the owner of the attribute being accessed to determine if said
client has permission to execute said write access.

23. A program storage medium readable by a computer, tangibly embodying a
program of instructions executable by the computer to perform method steps for a
simplified access control language that controls access to directory entries in a computer
environment, comprising the steps of:

providing a system administrator defined read access control command that lists the
user attributes that said administrator has selected for user defined read access;

providing a system administrator defined write access control command that lists the
user attributes that said administrator has selected for user defined write access;

providing a plurality of user defined read lists containing user identifications that are
allowed to read said user attributes that said administrator has selected for user defined read
access;

providing a plurality of user defined write lists containing user identifications that are
allowed to write said user attributes that said administrator has selected for user defined
write access;

wherein when a client read access to one of the user attributes that said administrator
has selected for user defined read access occurs, said read access control command and
the read list of the owner of the attribute being accessed are used to determine if said client
has permission to execute said read access; and

wherein when a client write access to one of the user attributes that said administrator
has selected for user defined write access occurs, said write access control command and
the write list of the owner of the attribute being accessed are used to determine if said client
has permission to execute said write access.

24. A program storage medium readable by a computer, tangibly embodying a
program of instructions executable by the computer to perform method steps for a
simplified access control language that controls access to directory entries in a computer
environment, comprising the steps of:

providing a user defined write list containing user identifications that are allowed to
write a specified set of attributes;

providing a system administrator defined write access control command;

said write access control command listing the user attributes that said administrator
has selected for user defined write access; and

said write access control command referring to said user defined write list thereby
allowing said write user identifications write access to said user attributes.

25. The method of Claim 24, wherein upon a client write access, the directory server 
selects a specific write access control command according to the attribute being accessed 
and refers to the write list of the owner of the attribute being accessed to determine if said 
client has permission to execute said write access. 

26. The method of Claim 24, further comprising the steps of: 

providing a user defined read list containing user identifications that are allowed to 
read a specified set of attributes; and 

providing a system administrator defined read access control command; 

wherein said read access control command lists the user attributes that said 
administrator has selected for user defined read access; and 

wherein said read access control command refers to said user defined read list thereby 
allowing said read user identifications read access to said user attributes. 

27. The method of Claim 26, wherein upon a client read access, the directory server 
selects a specific read access control command according to the attribute being accessed 
and refers to the read list of the owner of the attribute being accessed to determine if said 
client has permission to execute said read access. 